Closed
Bug 278385
Opened 21 years ago
Closed 21 years ago
malformed table causes crash
Categories
(Core :: Layout: Tables, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: taviso, Assigned: bernd_mozilla)
References
Details
(Keywords: crash, regression, testcase)
Attachments
(1 file)
|
459 bytes,
text/html
|
Details |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b) Gecko/20050114 Firefox/1.0+
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b) Gecko/20050114 Firefox/1.0+
sometime between 25/11/2004 and 05/12/2004 (sorry, can't be more specific, there
are nightly builds missing from the archive) the testcase attached started to
crash mozilla. It's horribly malformed, but it's something I ran into in the
wild (this is a stripped down testcase).
Crashes:
http://archive.mozilla.org/pub/firefox/nightly/2004-12-05-07-trunk/firefox-1.0+.en-US.linux-i686.tar.gz
Doesn't Crash:
http://archive.mozilla.org/pub/firefox/nightly/2004-11-25-07-trunk/firefox-i686-linux-gtk2+xft.tar.gz
I checked out cvs and built with the patch in bug 171234, comment 13 (I thought
it might be related), but no luck.
Reproducible: Always
Steps to Reproduce:
1. view testcase in a post-December 5th build
Actual Results:
dumps core
|
Reporter | |
Comment 1•21 years ago
|
||
|
|
Reporter | |
Comment 2•21 years ago
|
||
Here's some backtrace, lookes like a NULL pointer dereference in there
somewhere.
#0 nsStyleContext::GetStyleData(nsStyleStructID) (this=0x0,
aSID=eStyleStruct_Position) at nsRuleNode.h:210
#1 0x41d94371 in nsTableColFrame::GetStyleWidth() const (this=0x86714d8)
at nsIFrame.h:611
#2 0x41d88d6b in BasicTableLayoutStrategy::AssignNonPctColumnWidths(int,
nsHTMLReflowState const&) (this=0x85c1b20, aMaxWidth=14670,
aReflowState=@0xbfffb550)
at BasicTableLayoutStrategy.cpp:1084
#3 0x41d872f8 in BasicTableLayoutStrategy::Initialize(nsHTMLReflowState const&)
(this=0x85c1b20, aReflowState=@0xbfffb550) at BasicTableLayoutStrategy.cpp:143
#4 0x41d99026 in nsTableFrame::Reflow(nsPresContext*, nsHTMLReflowMetrics&,
nsHTMLReflowState const&, unsigned&) (this=0x86e8214, aPresContext=0x84f0fd8,
aDesiredSize=@0xbfffb760, aReflowState=@0xbfffb550, aStatus=@0xbfffb960)
at nsTableFrame.cpp:1928
#5 0x41cb699b in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*,
nsHTMLReflowMetrics&, nsHTMLReflowState const&, int, int, unsigned, unsigned&) (
this=0x86e80bc, aKidFrame=0x86e8214, aPresContext=0x84f0fd8,
aDesiredSize=@0x41ffdfe0, aReflowState=@0x41ffdfe0, aX=0, aY=0, aFlags=3,
aStatus=@0xbfffb960) at nsContainerFrame.cpp:950
|
|
Reporter | |
Updated•21 years ago
|
|
|
Reporter | |
Comment 3•21 years ago
|
||
uhh, sorry, that should have been the patch in bug 269566, comment 13
|
||
Comment 4•21 years ago
|
||
Looks like this broke between 2004-12-01-06 and 2004-12-02-11. So looks like
fallout from bug 269648.
Assignee: nobody → bernd_mozilla
Depends on: 269648
|
||
Comment 5•21 years ago
|
||
3 day timeframe for regression:
BuildID 2004113004 working
BuildID 2004120223 crashing
BuildID 2005011308 Talkback TB3066474H
working: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a6) Gecko/20041130
Keywords: regression
OS: Linux → All
|
|
||
Comment 6•21 years ago
|
||
Hermann, there's a one-day timeframe in the comment right before yours...
this should be fixed by checkin for bug 277062
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•